Safety analysis is one of the most difficult aspects of integration 


Complex systems require integrated analysis teams. 





An Example from History 

“Over the last two decades, little to no progress has been 
made toward attaining integrated, independent, and 
detailed analysis of risk to the Space Shuttle system. 
System safety engineering and management is separated 
from mainstream engineering, is not vigorous enough to 
have an impact on system design, and is hidden in other 
safety disciplines at NASA Headquarters.” 
(Columbia Accident Investigation Board Report, p. 193, August 2003) 


A New Opportunity 


NASA is working on the Constellation Program to go 
to the Moon and beyond. The Program contains a 
number of projects: 

- The Ares I Launch Vehicle for the Orion Crew Module 

- The Ares V Launch Vehicle to launch large payloads into 
orbit, including the Earth Departure Stage (EDS) 

- The Orion vehicle to transport the crew to orbit and to other 
destinations 

- The Altair Lunar Lander 



[Figure: Orion crew vehicle and Altair lunar lander] 






A New Opportunity (continued) 


The Ares Project, managed by NASA Marshall Space 
Flight Center, contains 

- The First Stage, a solid rocket motor based on the Shuttle 
Solid Rocket Booster 

- The Upper Stage, with similarities to the Shuttle External 
Tank and other launch vehicles 

- The Upper Stage Engine, based on the J-2 liquid 
oxygen/liquid hydrogen upper stage engine of the Saturn V 


Ares I Crew Launch Vehicle 

[Figure: Ares I with element callouts] 

♦ ~25-mT payload capacity 
♦ 2-Mlb gross liftoff weight 
♦ 309 ft in length 

First Stage 
- Derived from current Shuttle Reusable Solid Rocket Motor/Booster (RSRM/B) 
- Five segments, Polybutadiene Acrylonitrile (PBAN) propellant 
- Recoverable 
- New Forward Adapter 

Upper Stage 
- 280-klb liquid oxygen/liquid hydrogen (LOX/LH2) stage 
- 5.5-m diameter 
- Aluminum-Lithium (Al-Li) structures 
- Instrument Unit and interstage 
- RCS / roll control for First Stage flight 
- CLV avionics system 

Upper Stage Engine 
- Saturn J-2 derived engine (J-2X) 
- Expendable 


Ares Project Elements 


• The Project is divided by Element 

- First Stage has a contractor for the element; 
management is in-house at MSFC (existing 
working relationship from Shuttle) 

- Upper Stage Engine has a contractor for the 
element; management is in-house at MSFC 
(existing working relationship from Shuttle) 

- Upper Stage is designed in-house 

- The Vehicle Integration portion of the project is in-house 


Ares System Safety 


Formation of Safety Teams for the Project 
- Each element has a safety team 

• First Stage has a contractor to develop the 
hazard analysis and hazard reports 

• Upper Stage Engine has a contractor to 
develop the hazard analysis and hazard reports 

• Upper Stage performs the hazard analysis and 
develops the hazard reports in house 

• The Vehicle Integration portion of the project 
performs the hazard analysis and develops the 
hazard reports in house 


Ares Vehicle Integration (VI) System Safety 

Interrelated Vehicle Integration Safety Issues 

- Lack of available trained system safety engineers 

• Other projects nation-wide have created a demand 

• System Safety is rarely available in college and 
university curricula 

- Difficulty breaking down a complex system into a 
complete, understandable set of hazard reports 

- Communicating the integrated hazards to 
engineering, project and program management 


Ares VI System Safety 


The Team 

- Formed a team with a combination of experience 
in 

• Integrated hazard analysis for space systems 

• Systems engineering 

• Integrated hazard analysis for other types of complex 
government systems (e.g., other Constellation projects, 
military projects) 

• Specific NASA disciplines related to safety (e.g., Range 
Safety, reliability) 

- Formed a team which would interact in an open 
forum 





Ares VI System Safety 

Team breakdown choices 

- By Discipline (e.g., electrical, mechanical, fluids, 
software) 

• Advantage: Keeps engineers in their comfort zone 

• Disadvantage: One person of each discipline is not 
available 

- By Product (Elements) 

• Advantage: Easy to follow element hazard reports 

• Disadvantage: Makes integration across elements 
difficult 

- By Hazard Category (using customized standard 
hazard list) 

• Advantage: Integrates across elements with one person 
being responsible for a category 

• Disadvantage: Requires interface with multiple elements 


[Figure: Which way to divide? By Discipline (Electrical, Mechanical, Software, Fluids, Structural, Operations) versus by Hazard Category] 



Ares VI System Safety 


Ares Integration uses the Hazard Category 
breakdown because 

- The Ares elements use hazard categories 

- In past accidents, the integrated hazards cut 
across disciplines and were related to 
a hazard category 

• Challenger was a fire/explosion caused by 
leakage 

• Columbia was a structural failure caused by 
debris 


Ares VI System Safety 


Communication 

- With element engineers (Upper Stage, Upper Stage Engine, 
First Stage) 

• The element system safety engineers are part of VI team 
meetings 

• The element project engineers review the hazard reports 

• Ares VI attends element safety reviews 

- With Engineering Directorate 

• An Engineering representative is on the Ares VI safety team 

• A process is in place for Engineering to review hazard reports 
and analysis 

• There is interaction through support of milestone reviews, 
meetings, and trade studies 

- With Ares Project Management 

• A management process is in place to review and approve 
Hazard Reports and Analysis 


Ares VI System Safety 

Communication (continued) 

- With the Program 

• Presentation of the Hazard Analysis and Hazard Reports 
through a safety engineering review panel 

- Constellation Safety Engineering Review Panel (CSERP) 

» Panel chaired by Program Safety 
» Panel supported by System Safety experts 
» Panel supported by Project and Program engineering 

- CSERP reviews safety products 

» Products provided in written format 
» Products are presented at panel meetings 

- CSERP reports to Program Manager 

» Provides input on risk acceptance 

» Brings forth hazards for acceptance by other 
cognizant panels 


Conclusion 


System Safety Team formation must 

- Consider outside constraints (e.g., 
availability of staff) 

- Consider how interfacing teams are 
arranged 

- Consider the most effective way to assign 
areas for analysis to integrate across 
systems 


